group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1708665] Re: prerotate.sh fails due to no shell for www-data user

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1708665@xxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Jan 2018 09:44:06 -0000
Reply-to: Bug 1708665 <1708665@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package awstats - 7.4+dfsg-1ubuntu0.3

---------------
awstats (7.4+dfsg-1ubuntu0.3) xenial; urgency=medium

  [ Christian Ehrhardt ]
  * debian/README.Debian, debian/prerotate.sh: fix logrotate integration due to
    change of www-data to /usr/sbin/nologin (Closes: #858461, LP: #1708665)

 -- Andreas Hasenack <andreas@xxxxxxxxxxxxx>  Fri, 15 Dec 2017 17:45:01
-0200

** Changed in: awstats (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1708665

Title:
  prerotate.sh fails due to no shell for www-data user

Status in awstats package in Ubuntu:
  Fix Released
Status in awstats source package in Xenial:
  Fix Released
Status in awstats source package in Zesty:
  Won't Fix
Status in awstats source package in Artful:
  Fix Released
Status in awstats package in Debian:
  New

Bug description:
  [Impact]
  The logrotate script that is responsible for updating awstats statistics does not run because the www-data user that it runs as does not have a valid shell.

  This update adjusts the su command line to specify the same shell as
  the script shebang line.

  [Test Case]
  To test, run the script:

  Version with the bug:
  $ sudo /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh
  No directory, logging in with HOME=/
  This account is currently not available.

  Fixed version:
  $ sudo /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh
  No directory, logging in with HOME=/
  Error while processing /etc/awstats/awstats.conf
  Error: SiteDomain parameter not defined in your config/domain file. You must edit it for using this version of AWStats.
  Setup ('/etc/awstats/awstats.conf' file, web server or permissions) may be wrong.
  Check config file, permissions and AWStats documentation (in 'docs' directory).

  Note the "fixed" version actually runs the script and complains about
  something else, unrelated to this bug. The admin must complete the
  installation of awstats before using it, but this test is enough to
  verify the fix.

  If you want to get a full run, you have to follow the instructions in the README.Debian file. Basically, at a minimum:
  - edit /etc/awstats/awstats.conf and give SiteDomain a value
  - change group ownership of /var/log/apache2 and /var/log/apache2/* to www-data (that's one solution). README.Debian has other ideas, and I would add using ACLs if your filesystem of choice supports them: "setfacl -m g:www-data:rx /var/log/apache2" and "setfacl -m g:www-data:r /var/log/apache2/*"

  [Regression Potential]
  Code that wasn't running before because of this bug will now run. If the user didn't complete the awstats configuration he/she will get more verbose cron emails.

  
  [Other Info]
  Users who have already worked around the issue by manually editing the logrotate file and adding "-s /bin/sh" or something similar will get a dpkg prompt when upgrading to this version:

  Configuration file '/etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh'
   ==> Modified (by you or by a script) since installation.
   ==> Package distributor has shipped an updated version.
     What would you like to do about it ?  Your options are:
      Y or I  : install the package maintainer's version
      N or O  : keep your currently-installed version
        D     : show the differences between the versions
        Z     : start a shell to examine the situation
   The default action is to keep your current version.


  
  === Original description ===

  This was found in Ubuntu 16.04. I have not tested other versions.

  The /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh script does
  not run by default, because the 'www-data' user does not have a valid
  shell by default.

  root@www:~# bash -x /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh
  + UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh
  + '[' -x /usr/share/awstats/tools/update.sh ']'
  + su -l -c /usr/share/awstats/tools/update.sh www-data
  This account is currently not available.

  We could give www-data a valid shell but my preferred fix is to edit
  /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh and explicitly
  specify the shell with '-s /bin/bash':

  diff -u ~/prerotate.sh /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh
  --- /root/prerotate.sh  2017-07-31 17:07:43.749559681 -0500
  +++ /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh       2017-07-31 17:07:54.122034426 -0500
  @@ -2,5 +2,5 @@
   UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh
   if [ -x $UPDATE_SCRIPT ]
   then
  -  su -l -c $UPDATE_SCRIPT www-data
  +  su -l -c $UPDATE_SCRIPT -s /bin/bash www-data
   fi

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/awstats/+bug/1708665/+subscriptions